fix: restore pending permissions via REST API after session switch

jbro · jbro · commit ee140ff4df17 · 2026-04-28T11:54:10.000+02:00
renderer.reset() clears the permission queue on every session change.
The previous approach (preserve_permissions flag) tried to keep the queue
alive across resets, but permissions that arrived for a different worktree
while the user was away were never in the queue to begin with.

Mirror the question_window.restore_pending_question pattern instead:
after the session loads, query GET /permission for pending permissions,
filter for ones belonging to the active session, and show them.

This removes all preserve_permissions plumbing and the auto-deny
behaviour from reset() (the cancel function handles explicit abort).
diff --git a/lua/opencode/api_client.lua b/lua/opencode/api_client.lua
@@ -304,6 +304,13 @@ function OpencodeApiClient:unrevert_messages(id, directory)
   return self:_call('/session/' .. id .. '/unrevert', 'POST', nil, { directory = directory })
 end
 
+--- List pending permissions
+--- @param directory string|nil Directory path
+--- @return Promise<OpencodePermission[]>
+function OpencodeApiClient:list_permissions(directory)
+  return self:_call('/permission', 'GET', nil, { directory = directory })
+end
+
 --- Respond to a permission request
 --- @param id string Session ID (required)
 --- @param permissionID string Permission ID (required)
diff --git a/lua/opencode/ui/permission_window.lua b/lua/opencode/ui/permission_window.lua
@@ -269,6 +269,68 @@ function M._clear_dialog()
   end
 end
 
+---Query the server for pending permissions and restore any that belong
+---to the active session.  Mirrors question_window.restore_pending_question.
+---@param session_id string|nil
+function M.restore_pending_permissions(session_id)
+  local Promise = require('opencode.promise')
+  if not state.api_client or not session_id or session_id == '' then
+    return Promise.new():resolve(nil)
+  end
+
+  return state.api_client:list_permissions()
+    :and_then(function(permissions)
+      if not permissions or type(permissions) ~= 'table' then
+        return
+      end
+
+      local events = require('opencode.ui.renderer.events')
+      local render_state = require('opencode.ui.renderer.ctx').render_state
+
+      for _, permission in ipairs(permissions) do
+        if permission and permission.id then
+          -- Check if this permission belongs to the active session or
+          -- one of its child sessions (task tool).
+          local belongs = permission.sessionID == session_id
+          if not belongs and permission.sessionID and permission.sessionID ~= '' then
+            belongs = render_state:get_task_part_by_child_session(permission.sessionID) ~= nil
+          end
+          if not belongs then
+            local tool = permission.tool
+            local tool_message_id = tool and tool.messageID
+            if tool_message_id and state.messages then
+              for _, message in ipairs(state.messages) do
+                if message.info and message.info.id == tool_message_id then
+                  belongs = true
+                  break
+                end
+              end
+            end
+          end
+
+          if belongs then
+            -- Check if already queued (avoid duplicate)
+            local already_queued = false
+            for _, existing in ipairs(M._permission_queue) do
+              if existing.id == permission.id then
+                already_queued = true
+                break
+              end
+            end
+            if not already_queued then
+              events.on_permission_updated(permission)
+            end
+          end
+        end
+      end
+    end)
+    :catch(function(err)
+      vim.schedule(function()
+        vim.notify('Failed to restore pending permissions: ' .. vim.inspect(err), vim.log.levels.WARN)
+      end)
+    end)
+end
+
 ---Check if we have permissions
 ---@return boolean
 function M.has_permissions()
diff --git a/lua/opencode/ui/renderer.lua b/lua/opencode/ui/renderer.lua
@@ -246,16 +246,8 @@ M.on_session_updated = events.on_session_updated
 function M.reset()
   ctx:reset()
   output_window.clear()
-
-  local permissions = state.pending_permissions or {}
-  if #permissions > 0 and state.api_client then
-    for _, permission in ipairs(permissions) do
-      require('opencode.api').permission_deny(permission)
-    end
-  end
   permission_window.clear_all()
   state.renderer.reset()
-
   flush.trigger_on_data_rendered()
 end
 
@@ -405,10 +397,13 @@ function M.render_full_session()
     return Promise.new():resolve(nil)
   end
   return fetch_session():and_then(function(session_data)
-    M._render_full_session_data(session_data, { restore_model_from_messages = true })
+    M._render_full_session_data(session_data, {
+      restore_model_from_messages = true,
+    })
     local active_session = state.active_session
     if active_session and active_session.id then
       require('opencode.ui.question_window').restore_pending_question(active_session.id)
+      permission_window.restore_pending_permissions(active_session.id)
     end
     return session_data
   end)
